feat(rum): add AppMonitor L2 Construct

[WinterYukky]

Summary

This PR is implementation of aws/aws-cdk-rfcs#400 (comment)

Purpose

Create an AppMonitor L2 Construct to make it easier for users to automatically deploy the app monitor in their applications.

This PR focuses only to create a new Cognito IdentityPool.

---

README

Amazon CloudWatch RUM Construct Library

Table of Contents

• Introduction
  • App Monitor
  • Authorizer
    • Create a New Cognito ID pool
    • Existing Cognito ID pool
    • Third-party provider

Introduction

With CloudWatch RUM, you can perform real user monitoring to collect and view client-side data about your web application performance
from actual user sessions in near real time. The data that you can visualize and analyze includes page load times,
client-side errors, and user behavior. When you view this data, you can see it all aggregated together and also see breakdowns
by the browsers and devices that your customers use.

To use RUM, you create an app monitor and provide some information. RUM generates a JavaScript snippet for you to paste into your application.
The snippet pulls in the RUM web client code. The RUM web client captures data from a percentage of your application's user sessions,
which is displayed in a pre-built dashboard. You can specify what percentage of user sessions to gather data from.
For more information, see Amazon Amazon CloudWatch User Guide.

This module supports the ability for users to create CloudWatch RUM and retrieve code snippets.

App Monitor

Define an AppMonitor in your stack:

new AppMonitor(this, 'AppMonitor', {
  domain: 'my-website.com'
});

Authorizer

To use CloudWatch RUM, your application must have authorization.

You have three options to set up authorization:

• Let CloudWatch RUM create a new Amazon Cognito identity pool for the application. This method requires the least effort to set up. It's the default option.
  The identity pool will contain an unauthenticated identity.
  This allows the CloudWatch RUM web client to send data to CloudWatch RUM without authenticating the user of the application.
  The Amazon Cognito identity pool has an attached IAM role.
  The Amazon Cognito unauthenticated identity allows the web client to assume the IAM role that is authorized to send data to CloudWatch RUM.
• Use an existing Amazon Cognito identity pool. In this case, you must pass the IAM role as well that is attached to the identity pool.
• Use authentication from an existing identity provider that you have already set up.
  In this case, you must get credentials from the identity provider and your application must forward these credentials to the RUM web client.

Creates a new Amazon Cognito identity pool

By default, AppMonitor creates a new Amazon Cognito identity pool.
This is the simplest option to set up, and if you choose this no further setup steps are required.
You must have administrative permissions to use this option. For more information,
see IAM policies to use CloudWatch RUM.

new AppMonitor(this, 'AppMonitor', {
  domain: 'my-website.com'
});

Use an existing Amazon Cognito identity pool

If you want to use an existing Amazon Cognito identity pool,
you need to pass the identityPool and the role that associated with your identity pool.

import * as identitypool from '@aws-cdk/aws-cognito-identitypool';
import * as iam from '@aws-cdk/aws-iam';

declare const identityPool: identitypool.IIdentityPool;
declare const unauthenticatedRole: iam.IRole;

new AppMonitor(this, 'AppMonitor', {
  domain: 'my-website.com',
  identityPool,
  role: unauthenticatedRole 
});

Use Third-party provider

If you want to use third-party authenticator, you can only pass a role that associated with your identity pool.

import * as iam from '@aws-cdk/aws-iam';

declare const role: iam.IRole;
new AppMonitor(this, 'AppMonitor', {
  domain: 'my-website.com',
  role
});

Add the following to your application to have it pass the credentials from your provider to CloudWatch RUM.
Insert the line so that it runs after a user has signed in to your application and the application has received the credentials to use to access AWS.

cwr('setAwsCredentials', {/* Credentials or CredentialProvider */});

For more information, see Amazon Amazon CloudWatch User Guide for to use Third-party provider.

Note

This PR is work in progress. Modify the implementation according to the RFC decision.

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[gitpod-io]

[mergify]

Title does not follow the guidelines of Conventional Commits. Please adjust title before merge.

[WinterYukky]

I'm sorry. I overlooked CONTRIBUTING.md
I will write the RFC before create this PR. And I will reopen this PR.

[mergify]

Title does not follow the guidelines of Conventional Commits. Please adjust title before merge.

[ckifer]

Thanks for writing this! Can't wait to use it

[github-actions]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[github-actions]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[github-actions]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[github-actions]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[TheRealAmazonKendra]

@WinterYukky I am converting this PR to a draft because the RFC hasn't yet been approved. I believe you opened this PR before we changed our process, but we now require an approved RFC before any PRs for new L2 Constructs. I do see you've done a lot of work on that based off our feedback, however, and we owe you another round of reviews on that.

Once the RFC is approved and any relevant changes are made in this PR, please mark it as ready for review.

[aws-cdk-automation]

This PR has been in the MERGE CONFLICTS state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

[aws-cdk-automation]

This PR has been in the BUILD FAILING state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: f580eca
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

This PR has been in the MERGE CONFLICTS state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

[aws-cdk-automation]

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.